Information Technology: The Myth of Control
July 12, 2015
In the good old days circa 1962, one went to a computer center. In the center was a desk, usually too high to be comfortable for the supplicant to lean comfortably. There were young people ready to ask the supplicant to sign in, fill out a form to request computer time, and wait. Once in a while, a supplicant would be granted a time slot on a keypunch machine. Most of the time, the supplicant was given an time slot. But that was the start of the process.
I won’t bore you with the details of submitting decks of punched cards, returning to get a green bar print out, and the joy or heartbreak of finding out that you program ran or did not.
I figured out quickly that working in the computer center was the sure fire way to get access to the computer, a giant IBM thing which required care and feeding of two or three people plus others on call.
The pain of those experiences have not gone away, gentle reader. If you are fortunate enough to be in a facility with a maybe-is or maybe-isn’t quantum computer, the mainframe mentality is the only way to go. There are research facilities with even more stringent guidelines, but the average mobile phone user thinks that computer use is a democracy. Wrong. Controls are important. Period. But senior management, not information technology, has the responsibility to steer the good ship Policies & Procedures.
It is not. It never will be.
When I read “Cloudy with a Chance of Data Loss: Has Corporate IT Lost Control?” I was not comfortable. The reality is that corporate information technology has control in certain situations. In others, for all practical purposes, there is no organizational information technology department.
MBAs, venture capital types, and those without patience what what they want when they want it. The controls are probably in place, but the attitude of these hyper kinetic history majors with a law degree is that those rules do not apply to them. Toss in a handful of entitled but ineffective middle school teachers and a clueless webmaster and you have the chemical components of bone head information technology behaviors.
The information technology professionals just continue to do their thing, hoping that they can manage the systems in today’s equivalent of a 1960s air conditioned, sealed off, locked, and limited access computer room.
Other stuff is essentially chaos.
The write up assumes that control is a bad thing. The write up uses words like “consumer oriented,” “ease of use,” and “ownership.” The reason a non mainframe mentality exists among most people with whom I interact is a reptilian memory of the mainframe method. For most people, entitlement and do your own thing are the keys to effective computing.
If an information technology professional suggests a more effective two factor authentication procedure or a more locked down approach to high value content—these people are either ignored, terminated, or just worked around.
As a result of organization’s penchant for hiring those who are friendly and on the team, one gets some darned exciting information technology situations. Management happily cuts budgets. One Fortune 100 company CFO told me, “We are freezing the IT budget. Whatever those guys do, they have to do it with a fixed allocation.” Wonderful reasoning.
The write up concludes with this statement:
Modern IT departments realize that to overcome security challenges they must work together with users– not dictate to them. The advent of the cloud model means that smart users can readily circumvent restrictions if they see no value in abiding by the rules. IT teams must therefore be inclusive and proactive, investing in secure file-sharing solutions that are accepted by users while also providing visibility, compliance and security. Fortunately, there are good alternatives for the 84 per cent of senior IT management who admit they are “concerned” over employee-managed cloud services. The bottom line is this: there are times when we all need to share files. But there is never an occasion when any of us should trust a consumer-grade service with critical business data. It simply presents too many risks.
Nope. The optimal way in my view is for organizations to knock off the shortcuts, focus on specific methods required to deliver functionality and help reduce the risk of a “problem,” and shift from entitlement feeling good attitudes to a more formal, business-centric approach.
It is not a matter of control. Commonsense and the importance of senior management to create a work environment in which control exists across business policies and procedures.
The hippy dippy approach to information technology is more risky than some folks realize. As the wall poster in my server room says, “Ignorance is bliss. Hello, happy.”
Stephen E Arnold, July 12, 2015